What version of Kimi Code is running?
0.15.0
Which open platform/subscription were you using?
subscription
Which model were you using?
kimi-for-coding
What platform is your computer?
macOS (Apple Silicon)
What issue are you seeing?
When using kimi acp mode, all authorization/permission prompts return only a generic "bash" string instead of the actual command that needs to be authorized. Because no concrete command is provided, ACP clients cannot implement automatic authorization — there is simply nothing to evaluate against allow-lists, deny-lists, or any policy rules.
In a normal terminal session, the CLI displays the full command and lets the user approve or reject it interactively. In ACP mode, the response is reduced to just "bash" with no command content. This means:
- The client cannot determine what action is being requested
- The client cannot apply any authorization policy (allow/deny rules)
- The client cannot auto-approve safe commands or auto-deny dangerous ones
- The client cannot even present the command to a human for manual review
What steps can reproduce the bug?
Using agentline as the ACP client:
- Start
kimi acp and connect agentline as the ACP client
- Send a message in the IM platform (e.g. "create a file named test.txt")
- agentline forwards the request to
kimi acp via ACP protocol
- kimi acp processes the request and triggers an authorization prompt (e.g. to write a file or execute a shell command)
- The ACP authorization response is received by agentline — but it contains only
"bash", not the actual command
- agentline attempts to apply its authorization policy:
- Cannot match against allow-list → auto-approve fails
- Cannot match against deny-list → auto-deny fails
- Cannot display the command to the user in IM → manual approval fails
- The operation is stuck — no authorization decision can be made, and the agent cannot proceed
Result: Every operation that requires authorization is permanently blocked. The ACP client cannot perform automatic authorization because there is no concrete command to evaluate.
What is the expected behavior?
ACP authorization responses should include the full, concrete command that requires authorization — exactly as the terminal mode does. The client needs the actual command content to:
- Apply automatic authorization policies (allow-list / deny-list / pattern matching)
- Auto-approve safe operations without human intervention
- Auto-deny dangerous operations based on security rules
- Fall back to human review when the policy is uncertain
Additional information
The terminal mode of kimi-code handles authorization correctly — it displays the full command and waits for user input. The ACP mode should mirror this behavior by returning the complete command in the authorization response payload, not a generic "bash" string.
This is critical for any ACP integration that needs to operate as an automated service. Without the actual command in the authorization response, clients cannot implement any form of programmatic authorization — neither automatic policy-based decisions nor human-in-the-loop review.
What version of Kimi Code is running?
0.15.0
Which open platform/subscription were you using?
subscription
Which model were you using?
kimi-for-coding
What platform is your computer?
macOS (Apple Silicon)
What issue are you seeing?
When using
kimi acpmode, all authorization/permission prompts return only a generic"bash"string instead of the actual command that needs to be authorized. Because no concrete command is provided, ACP clients cannot implement automatic authorization — there is simply nothing to evaluate against allow-lists, deny-lists, or any policy rules.In a normal terminal session, the CLI displays the full command and lets the user approve or reject it interactively. In ACP mode, the response is reduced to just
"bash"with no command content. This means:What steps can reproduce the bug?
Using agentline as the ACP client:
kimi acpand connect agentline as the ACP clientkimi acpvia ACP protocol"bash", not the actual commandResult: Every operation that requires authorization is permanently blocked. The ACP client cannot perform automatic authorization because there is no concrete command to evaluate.
What is the expected behavior?
ACP authorization responses should include the full, concrete command that requires authorization — exactly as the terminal mode does. The client needs the actual command content to:
Additional information
The terminal mode of kimi-code handles authorization correctly — it displays the full command and waits for user input. The ACP mode should mirror this behavior by returning the complete command in the authorization response payload, not a generic
"bash"string.This is critical for any ACP integration that needs to operate as an automated service. Without the actual command in the authorization response, clients cannot implement any form of programmatic authorization — neither automatic policy-based decisions nor human-in-the-loop review.